Navigation :

Kubernetes Scanner Image Pulling

Description

This search uses the Kubernetes logs from Splunk Connect from Kubernetes to detect Kubernetes Security Scanner.

Help
Kubernetes Scanner Image Pulling Help You must ingest Kubernetes logs through Splunk Connect for Kubernetes.

Help

Kubernetes Scanner Image Pulling Help

You must ingest Kubernetes logs through Splunk Connect for Kubernetes.

Search
`kube_objects_events` object.message IN ("Pulling image kube-hunter", "Pulling image kube-bench", "Pulling image kube-recon", "Pulling image kube-recon") \| rename object.* AS * \| rename involvedObject.* AS * \| rename source.host AS host \| eval phase="operate" \| eval severity="high" \| stats min(_time) as firstTime max(_time) as lastTime count by host, name, namespace, kind, reason, message, phase, severity \| `security_content_ctime(firstTime)` \| `security_content_ctime(lastTime)` \| `kubernetes_scanner_image_pulling_filter` Open in Search

Search

`kube_objects_events` object.message IN ("Pulling image *kube-hunter*", "Pulling image *kube-bench*", "Pulling image *kube-recon*", "Pulling image *kube-recon*") | rename object.* AS * | rename involvedObject.* AS * | rename source.host AS host | eval phase="operate" | eval severity="high" | stats min(_time) as firstTime max(_time) as lastTime count by host, name, namespace, kind, reason, message, phase, severity | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `kubernetes_scanner_image_pulling_filter`

Open in Search